SB2018061410 - Information disclosure in Linux Kernel
Published: June 14, 2018 Updated: June 15, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Side-channel attack (CVE-ID: CVE-2018-3665)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to utilizing the Lazy FP state restore technique for floating point state when context switching between application processes. A local attacker can conduct cache side-channel attacks and determine register values of other processes.
Note: This vulnerability is known as LazyFP.
2) Information disclosure (CVE-ID: CVE-2018-10940)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in the cdrom_ioctl_media_changed function due to incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED IOCTL. A local attacker can execute a file or program that submits malicious input to the targeted system, trigger memory corruption and access sensitive kernel information, which could be used to conduct further attacks.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58122bf1d856a4ea9581d62a07c557d997d46a19
- https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.138
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.164
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.3
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.20
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.82